Visible to Intel only — GUID: GUID-8A18EA76-2F38-452F-A425-7EF0E915ECEF
For API Level 1 - Intel® ME 7.x - Sandy Bridge
For API Level 1.1 - Intel® ME 8.x lite - Sandy Bridge
For API Level 2 - Intel® ME 8.0 - Ivy Bridge
For API Level 3 - Intel® ME 8.1 - Ivy Bridge
For API Level 3 - SEC1.0, SEC1.1, SEC1.2, SEC2.0
For API Level 4 - Intel® ME 9.5, Intel ME 9.5.55 - Haswell
For API Level 4 - Intel® ME 9.1, Intel ME 9.1.35 - Haswell
For API Level 5 - Intel® ME 10.0.0 - Haswell
For API Level 6 - Intel® ME 10.0.20 - Broadwell
For API Level 7 - ME 11.0 - Skylake_LP and Skylake_H
For API Level 8 - TXE3.0 - Broxton, ME 11.5/11.8 - Kabylake_LP, Kabylake_H
For API Level 9 - Intel® ME 12.0 - Cannon Lake
Trusted Application Validation Guidelines
Validating the Manifest
Memory and Performance
Error Handling and Recovery
Functional Validation and Multi-Instance Support
Pack and DALP Generation and Validation
Host-Side Software Validation Guidelines
Trusted Application Management Flows
Error Handling and Recovery Flows
Multi-Instance and Interoperability Testing of Trusted Application Management
General and Platform-Related Events
End-to-End and Setup Validation Guidelines
Cross Trusted Application Interoperability Functional Testing
Creating a New Project
Importing an Existing Project
Converting an Existing Project
Building and Packaging Your Project and Running in Emulated Environment
Running Your Project
Running and Testing on Emulation and on Silicon
Debugging Trusted Applications
Preparing and Submitting Your Project for Signing
Signing an Applet
Signing New Versions
Visible to Intel only — GUID: GUID-8A18EA76-2F38-452F-A425-7EF0E915ECEF
Applet Manifest
This page provides an overview of the applet manifest's importance in an applet, and how it controls the applet's access to Intel® Dynamic Application Loader (Intel® DAL) features. For a list of the fields in the manifest, see the Applet Manifest guidelines page.
Every trusted application includes an applet manifest. The manifest is a file that contains the applet's metadata: supported firmware versions, the list of Java* classes the applet has permission to access, the applet's heap size, and so on. Some of the manifest fields are descriptive, while others modify the applet's behavior. The contents of the applet manifest determine whether the applet has permission to access any or all of the other features described in this section.
The contents of the manifest are verified with each signing request, and this information is signed in the trusted application itself.
Some of the manifest fields are available to the host software to identify the trusted application with which it is currently communicating, while some of the fields are internal to help the user notate a project.
The Intel DAL Manifest Editor, which comes as part of the Eclipse plugin, can be used to edit the editable fields in a manifest, if needed. The Intel DAL Manifest Editor checks the validity of each value, and checks compatibility between the firmware version and the API version used in a trusted application.
Trusted Application SKUing
Intel DAL supports trusted application SKU limitations in the trusted application manifest. An applet can be restricted to running only if the system has a PCH listed in in the SKU list, or if the system uses a specific CPU, or on a platform with a specified feature set.
The trusted application manifest is signed, and the enforcement is performed by the firmware so it cannot be circumvented.
A trusted application can be limited to:
- PCH SKU list
- CPU type list (e.g. Intel® vPro™ technology, Intel® Core™ processor)
- Platform-specific feature set (e.g. Intel® Management Engine (Intel® ME) 8-full)
Because each trusted application manifest is signed, this mechanism is more secure than software or installer solutions and cannot be circumvented. See the SKU Matrix section of the Applet Manifest guidelines.
Supported from API level 2